Monday, 29 August 2011

Cost Of Living

Does it make sense to factor in the cost of living when determining the salary of remote employees?

Companies often do this. I don't know exactly why --- perhaps they don't either --- but I can think of a couple of plausible reasons. It seems fair to try to normalize the "real compensation" across employees. It seems likely that salaries are already generally higher where the cost of living is higher, so new offers need to be higher to be competitive.

On the other hand, supposing you have a roving developer who doesn't work in an office, it doesn't make sense to me to pay them five times as much because they choose to live in London rather than Bhopal. If they're going to be equally effective in each place, their location is their business and if they want to live somewhere cheap and live like a king, why should they be penalized for that?

There may be an interesting economic effect where companies that allow employees to be mobile and adjust pay for cost-of-living are effectively subsidizing the economies of expensive locations. I wonder if anyone's looked into that.

I think the answer to my initial question must be complicated. It should depend on how the location matters to the employer. If location doesn't matter at all to the employer, it seems to me cost-of-living should not be taken into account directly. It may have an indirect effect by raising the level an offer needs to be competitive.

Disclaimer --- this post is my opinion and is unrelated to Mozilla's policies.

Thoughts On Management

I've been managing people for a while now. It's not my favourite job --- technology is my passion --- but it has to be done, and it has to be done well, so I'm happy to do it while Mozilla needs me to. We recently did a round of performance reviews and I've been reflecting on what I've learned.

I'm a slack manager. Most people on my team probably don't get more than fifteen minutes a week interacting with me "as a manager". I mostly get away with it for two reasons. Most people on my team are awesome and need very little supervision; they're self-motivated, capable, and function well when left alone to "get on with it". Also, I interact with them a lot in non-manager ways: code reviews, Bugzilla traffic, IRC, and other project-level communication that I'd have even if I wasn't a manager. I admit that the real reason I'm a slack manager is to give me time to work on code.

Another strange thing about this team is that we don't have regular group meetings. In my view, meetings are a tax on productivity and should only be held when necessary, and I think so far the projects executed by my team have not required whole-group coordination. There's some value in having people know what other people are doing, but I'm not convinced it justifies the cost yet.

I haven't been having one-on-one meetings with the people in the Auckland office because we were able to talk about what everyone's working on over lunch every day. However it became clear that actual one-on-one meetings would help bring out issues, so we've started doing that.

One thing I've mostly ignored is "career development". Two options that seem to be common outside Mozilla are training and promoting people into new roles. For most platform developers, though, I don't know what training would be effective. There isn't a manual for browser development, and if there was a lot of it would be written by Mozilla people; we pass that knowledge on through mentoring, code reviews, and shared experience. Once they've mastered basics like knowledge of algorithms, logic and thinking in terms of invariants (which most people have learned before they get to Mozilla), the only ways I know to improve their general development skills are experience and imposing good tools or processes (e.g. testing).

During the last round of performance reviews I tackled the career question by asking people whether there was anything they would like to do at Mozilla that they weren't currently doing. Almost without exception they answered that they love the technical work they do and would be happy to continue doing it indefinitely. I think this would seem strange to a lot of people (I think there's a widely held view that if you're in the same role for too long, there must be stagnation) but I understand it very well, because I feel the same way myself! I enjoy the fresh technical challenges that keep coming along --- new bugs, new features, often whole new technical areas to explore (typography, graphics, video, RTC...). People who keep working on Gecko, who get better and better at it with deeper and deeper knowledge of the Web and our code, keep increasing their value to Mozilla. So I definitely won't ever push people out of their current role for the sake of change.

However, we do need to make sure that we don't miss any opportunities to find roles that might make people even happier or more productive. Just asking them isn't necessarily effective since there may be opportunities they're not aware of or incorrectly assume they won't enjoy. I need to be a bit more proactive in this area.

Friday, 19 August 2011

New Mozilla Auckland Office Is Live!

On Wednesday we moved into the new Mozilla Auckland office! For about a week the only thing holding us back was getting Internet access hooked up. Once that happened around 4pm Wednesday, we lost no time in shifting over our most important gear (laptops and monitors of course). Carrying all that gear through the streets of Newmarket, I'm glad we didn't start a riot. We capped off an exciting day with a "pizza and Settlers" evening in the office.

The new office is very close to the old office. It's on the 7th floor of 5 Short St, Newmarket. This is the top of one of the tallest buildings in Newmarket so we have great views! We can see the Hauraki Gulf, Rangitoto Island, Motutapu Island, Motuihe Island, Waiheke Island and Browns Island, and Coromandel (including Moehau Range and Castle Rock); Bastion Point, Tamaki Drive, Hobson Bay, Kepa Bush, Thomas Bloodworth Park and Outhwaite Park; the Hunua Ranges; Mt Wellington, Mt Hobson, Mt Eden, One Tree Hill and trees of the Domain; Lumsden Green, Broadway (all the way to Parnell), Khyber Pass, Short St, Kingdon St, Shore Rd and the railway; Auckland Hospital, the Sky Tower, Auckland Grammar School, and the old Dominion Brewery; and of course large tracts of Remuera, Mt Eden and Newmarket. OK, you have to squint to see some of those :-). You can see six volcanic cones in all (not counting the Moehaus which are a much older volcanic range). The downside is that now I have to resist staring out the window wishing I was outdoors :-).

We have great new facilities: more desks, work tables, an eating area, a much better kitchenette, a decent-size meeting room and two smaller meeting rooms. The network is already better than the old office's and will get better still when it's upgraded next month. With these facilities we will be able to do more --- hire more people, host more visitors, host meetings of 30 people or more, and hopefully get more work done!

To all friends of Mozilla in Auckland or passing through: please stop by and check it out! At some point --- hopefully soon --- I want to organize an official "open day" event for the public where we can talk about our work and Mozilla.

Enormous thanks to the Mozilla team that put all this together, especially Karl Tomlinson who has been very busy handling the local arrangements! The Stack design team has also done a great job.

Tuesday, 16 August 2011

Securing Full-Screen

Some Web apps would benefit from displaying full-screen, without any non-app content visible. Obvious examples are watching video and playing immersive games. A while ago I proposed a Web API to enable this, and Chris Pearce is making good progress implementing a version of it in Firefox. A slightly different version of it is in Safari now too.

Our biggest issue right now is how to make it secure. The perceived threat is a malicious page going full-screen and then displaying something that looks like the content of another site, say the user's bank, complete with false URL bar --- or the content of a native application or the operating system, for that matter.

There are a few things we can do to make it harder for a malicious application to go full-screen. We can ensure that full-screen requests are only honoured from scripts triggered by user input (mouse clicks and keystrokes), much like requests to open popup windows. We can make sure that when going full-screen, we display a clear message describing how to leave full-screen --- like Flash does, but hopefully better. Then if a malicious page goes full-screen when the user didn't want to, the user will probably exit full-screen immediately.

A harder case is when the user intentionally goes full-screen to watch a video or play a game, but the application later tries to abuse full-screen status by spoofing another page or application. Most spoofing attacks require user input that the browser can detect, so for full-screen video and other applications that don't require much input, we could show a real URL bar while the user is typing input, so the user knows the true domain. However, many applications (games) want to be full-screen while receiving the full range of user input. It's unclear how we could distinguish such applications from a spoofing attack. The risks here already exist to some extent, if an application can persuade users to manually go full-screen, for example by pressing F11 in Firefox.

This feature seems particularly challenging to design because browser security often depends on the assumption that the user can visually identify the domain of the current page at all times, and full-screen violates that by definition. (However, mobile browsers seem to violate that assumption by hiding browser UI most of the time; I wonder how browser security people feel about that.)

This problem would be a good one for security researchers to study and solve! I think the world would be a better place if security research focused more on constructive solutions to problems like this one :-). Anyway, feedback and ideas welcome from anyone, security researchers or not.

Tuesday, 9 August 2011

Eden Park

On Saturday night our family went to Eden Park to watch the All Blacks play Australia. We are fortunate to live within walking distance of the stadium (OK, it's a longish walk --- half an hour, for me). We won't be watching any World Cup games at Eden Park so this was our only chance to see it at its full size with the temporary stands. In fact, we had seats at the top of the temporary West Stand. The seating and the view was really excellent. I had worried that it would be cold since wind and rain were predicted, but the weather turned out fine and we had a wonderful time. From that height you're far away from the action but you have a really good angle to watch the entire field. You can watch how the teams position themselves and organize their defence across the entire field, something you normally can't do watching on TV. That was especially relevant for this game since both these teams like to use all the space on the field.

The crowd was big but everything seemed to go very smoothly inside and outside the stadium. Some in the row in front of us were rowdy and liked to call out "Bullshit, ref!" at every opportunity ... something my kids are not used to hearing. At the beginning they noticed this and apologized, but after a few more drinks they forgot to apologize anymore :-). But hey, it's a rugby game, so no surprise :-).

Of course the mood of the crowd was helped by the All Blacks winning comfortably. It's quite a remarkable record that they haven't lost at Eden Park since 1994 (and not against Australia there since 1986).

I haven't seen in the media any pictures of the revamped stadium from the outside. It actually looks quite cool, a little bit like the Olympic stadium in Beijing.

One other nice thing is that our route to Eden Park takes us through Dominion Road, which has a large collection of good Chinese restaurants. Our regular place there is Love A Duck but it was full; however, lots of other restaurants in the area had space, even just an hour and a half before the game. We had a fine dinner at some Shanghainese place; Shanghai Dimsum might be its English name, or that might just be descriptive text.

Monday, 8 August 2011

South Island Holiday

Two weeks ago we had a family holiday in the South Island. The idea was just to head down to the mountains and relax in the wintry environment, without skiing or snowboarding because I'm completely useless at those.

We flew to Queenstown and stayed a few nights at the Novotel Lakeside hotel. The room was small but the location was great, right next to Lake Whakatipu and the Queenstown Gardens park. The first full day we walked the Twelve Mile Creek loop track with a side trip to Lake Dispute, about four hours of walking altogether up in the hills north of the lake along the road to Glenorchy. The weather was great and the views over the lake to Walter Peak etc were stunning, as usual. The upper part of the track was above the snow line. Below the snow line, water running in the forest had frozen into icicles and other fantastic ice formations.

On Sunday a "polar blast" blanketed much of the country in snow. It snowed pretty hard in Queenstown at times. We spent some time inside at the Caddyshack mini-golf park, which was well worth it. We started heading up Queenstown Hill but turned back because the snow was just falling too hard, so we spent the rest of the day manipulating snow in the Queenstown Gardens.

The next day we had to drive to Twizel so we got the chains on the rental car and headed out on still-quite-snowy roads. But about halfway to Cromwell we took them off again because ironically it had failed to snow in the Mackenzie Basin, in the heart of the Southern Alps, even while it was snowing down to sea level elsewhere! So we had an uneventful drive to Twizel. We had a nice stop at Lindis Pass, which was beautiful.

We went to Mt Cook village where it was very definitely snowing, and windy and cold too. We managed to make our way to the Kea Point lookout over the frozen lake at the end of Mueller Glacier, but it was hard going for an hour into the teeth of a high wind. All the other tracks in the area were closed due to the conditions, so I was impressed to see three people tramp out of the wilderness; they must have been in the back country when the weather hit.

We visited Lake Tekapo. The big plan that day was to get up Mt John. The direct track (~1 hour) was closed due to "icy conditions" so we set off on the long route, north alongside the lake and then up and south along the ridge to the summit (~2.5 hours). The ridge was exposed to the wind so we were a bit cold by the time we got there, although the views up there made it well worth it. We got up there around 4pm with a bit over an hour of daylight left. My plan had been to run down and bring the car back to the top to pick up the rest of the family, but on our way up they'd closed the road due to high winds. (I'm not sure why; the road did not look precipitous.) So we were up there having hot chocolate at the cafe wondering how we were going to get down, which felt odd. We met a guy who'd come up the direct route, and he told us the ice wasn't really a problem and there were no dropoffs, so we decided to go down that way. We put on our waterproof pants and whenever it got too icy to walk, we just did a glissade. It was actually a lot of fun.

We drove to Dunedin and visited the Cadbury factory. Later we drove out along the Otago Peninsula --- lovely. We went on the Taieri Gorge Railway --- a lot more impressive. The Taieri river looks good for rafting.

This was the first family road trip with a smartphone. Having maps, GPS and Web browsing were very useful. On the other hand, the temptations to surf and read email were hard to resist, so it's a mixed blessing. I'm undecided whether to bring it again.

Blog Update

After years of service from (thanks Jason!), I moved my blog to Having it hosted under my own domain name makes it more future-proof, but since I don't want to run my own server, I'm using Blogger to host it. Unlike, Blogger doesn't let you upload any old content, but I've worked around that by putting images and other content on hosted by Google Sites. Getting this setup working and my content migrated was a bit of a pain but it seems to be working well now. I worked with Jason to put in redirects from all the old articles to their new locations.

Blogger seems pretty good. Unlike Wordpress, they give me free hosting under my own domain name. The design options are very flexible, and the stats pages are nice. We'll see how it goes, but so far, so good.

Friday, 5 August 2011


I've read a few books lately...

I read Pirate Freedom by Gene Wolfe; it's definitely the best Catholic pirate time-travel fantasy I've ever read. Seriously, it's quite good. Most Wolfe novels I've read have felt a little too obscurantist, like I'm taking a fiendishly difficult reading comprehension test, but this one's just good.

I read a few classic Philip Dick novels: The Man In The High Castle, The Three Sigmata Of Palmer Eldritch and Do Androids Dream Of Electric Sheep?. They're all good, although The Man In The High Castle seemed the best; his depiction of Japanese influence on postwar California (in a future where the Allies lost World War 2) is intriguing. Although I liked the novels, they all gave me an odd mental aftertaste, as if my own grip on reality had been subtly undermined. Perhaps that's what taking drugs is like. It would certainly explain --- or be explained by --- Dick's lifestyle.

I read The Runes Of The Earth, Stephen Donaldson's return to the Thomas Convenant saga that I read the first six books of in the early 90s. It's not bad, although like his previous books I find it grossly overwritten. I'll probably read on, although (spoilers!) I'm rather nervous, since the introduction of time travel into a long-running storyline is usually a sign that you've jumped the shark.

Now I'm working through Harry Potter. Partly it's because I want to be ahead of my kids reading it, but it's not bad at all. It definitely picked up in the third book.

I've bought The Scar by China Mieville. I liked Perdido Street Station a lot, despite the deus ex machina ending, and Iron Council was quite good even though it didn't make any sense. Mieville's world-building is captivating. Like Dick, though, his books leave me with a mental aftertaste. Mieville's world seems wrong in a way that no other fantasy world does to me. There seems to be a fundamental disorder; a feeling that there are no laws or limits or organizing principles, or those that exist are corrupt somehow. I can't explain it very well. It tastes of Hell, maybe.

Rugby Fandom

Many people in New Zealand feel down when the All Blacks lose, especially in the World Cup. It seems silly to me, although I'm sometimes one of them; sports simply aren't that important. Along with that we have an unhealthy tendency to excoriate and repudiate losing teams, which apart from being unfair is also irrational because in most close games, factors outside the team's control could easily have determined the result.

Therefore, I have a plan. Starting tomorrow night (when I will be watching NZ vs Australia at Eden Park) I intend to enjoy watching the game whether the All Blacks win or lose, and encourage others to do the same. We'll see if I make it through the World Cup :-).